MalDetector-using permission combinations to evaluate malicious features of Android App

Attackers who designed malware seem to be so cautious that most of the malware are disguised as normal apps. This brings about huge difficulties to detect the malware. Similar with traditional PC testing, there are two main detection methods for Android malware: static analysis and dynamic monitoring. However, these methods inevitably face the challenge of code confusion performance cost. In this paper, a new evaluation algorithm based on the statistic technologies is proposed. By extracting permission features, we propose a reasonable method to judge whether an Android app is malicious or not. Besides, an evaluation prototype system MalDetector is developed to verify the effectiveness of our approach. We took 1260 malware and 10k market apps as “malicious” and “benign” datasets respectively. Sufficient experiments on these datasets show that MalDetector is more accurate and with lower false positive rate compared with other traditional methods.